Windows Server Hacks: AutoProf Policy Maker

Group Policy is a good tool for managing a network running Active Directory. With Group Policy, you can create policies to centralize the management of user and computer settings for different domains, sites, and organizational units. You can manage desktop environments and lock them down to reduce support calls. You can install, update, repair, and remove software remotely. You can manage security settings including account policies, auditing, EFS, and user rights. And you can redirect My Documents folders and automate administrative tasks using log-on/log-off and startup/shutdown scripts.

But what if you want to do something simple--like map a network drive, assign a printer connection, define an environment variable, deploy a Registry setting, or copy shortcuts to a folder on a user's machine? Well, it's possible to deploy Registry settings using Group Policy by creating or customizing administrative templates (.adm files), but this is not a trivial procedure. And as far as mapping drives goes, you can do that using log-on scripts, but the user has to log off and then on again before it takes effect. As far as the rest goes, you're pretty much out of luck doing such tasks using Group Policy.

At least, you were out of luck until AutoProf Policy Maker came along. This innovative product by AutoProf was released one year ago and was the first commercial product to take full advantage of the extensibility Microsoft built into Group Policy. AutoProf extends the capabilities of Group Policy objects (GPOs) to let you easily create policies that perform common tasks like map network drives, share printer connections, create and modify shortcuts, set environment variables, copy and delete files, delete temporary files, modify file attributes, and even easily add or modify any Registry setting on target machines. AutoProf also lets you configure a wide spectrum of Microsoft Office settings using Group Policy and easily create new Outlook user profiles. And all this happens within the familiar Group Policy Editor interface so that you don't have to learn any new tools or procedures (see Figure 1). You can even use Resultant Set of Policy (RSoP) to test and verify policies created using Policy Maker, and it works seamlessly with the new Group Policy Management Console (GPMC) too.

There's more. Policy Maker supports 25 different filtering options for the way these policies can be applied. For example, you can choose whether to set an environment variable on a target machine based on CPU, RAM, or another hardware factor; which language is installed; a specified range for the target machine's MAC or IP address; whether a Terminal services session is in use; and the usual domain/site/organizational unit and WMI methods that Group Policy supports. So, for example, you could create a policy that will map a drive only if the target machine has 512MB of RAM, is running Windows XP, is a laptop computer, and belongs to the Sales organizational unit.

All that is needed to make Policy Maker work on your network is the installation of a small DLL on all your client machines, which can easily be done using the Software Installation feature of Group Policy. After the DLL is deployed, you reboot your client machines and zowie--your Group Policy is supercharged with Policy Maker.

Announcing Version 2.0

Now, if that weren't cool enough, while I was writing this article I received an email from AutoProf announcing its release of version 2.0 of Policy Maker with even more power built into this amazing tool. Specifically, version 2.0 includes support for using Group Policy to configure power options, folder options, regional options, device restrictions, services, network connections, data sources, scheduled tasks, and so on. You can also now filter GPOs by security group membership, date and time, service pack level, user locale, and more. It lets you use Group Policy to start and stop services, configure the security context of a service, restrict the use of devices like floppy drives and USB ports, rotate the local administrator account password, and more.

Once you start using Policy Maker Professional 2.0 on your Active Directory network, you're going to wonder how you ever lived without it. I especially like the way it lets you easily do all the things Group Policy should be able to do itself. For example, it does a great job of letting you easily deploy a new Registry setting to target machines (see Figure 2), something that is a pain to do using scripts because you can make a mistake typing the path to the key you want to deploy.

Figure 2. Deploying a Registry key using AutoProf Policy Maker

Anyway, be sure to check out this terrific tool, as it's certainly one of the top third-party tools available for Windows administrators who work in Active Directory environments.